Australia’s cyber security skills crisis won’t be solved by thinking conventionally and relying on traditional training methods or talent pools, said Sandra Ragg, Head of the Office of the Prime Minister’s Cyber Security Special Adviser.
“The number of students coming through the formal education pipeline is unlikely to meet the needs of the sector,” she told the recent Cyber Leader’s Forum in Melbourne.
The reality is that not every cyber security professional will need an undergraduate or post-graduate degree, Ms Ragg said, and therefore the industry needs to think more laterally about what a cyber security professional looks like.
PwC’s Asia-Pacific Cyber Lead Steve Ingram agrees, saying generally you are able to teach most people cyber security skills, and that recruitment has to be more about aptitude, adaptability and attitude.
“This skill set is harder to teach, they have to be something that a person naturally has,” he said. Ms Ragg and Mr Ingram both point to innovative programs like With You With Me, which targets former Defence personnel for cyber security roles.
“We have people from defence on our team. They speak the language, and they understand what it takes [to do the job],” Mr Ingram said. “They have great skills, they are well-trained and they are ready to embrace the private sector world.”
The Australian military is set to create 900 new cyber security roles over the next three years, said Mr Ingram, and while this will initially put pressure on the market, in the long run it will create a new talent pool.
“It will make Australia a better place to do business, because these military people will have done cutting-edge cyber security work, and will then move out eventually into the private sector, and they will become a great asset for Australia.”
Ms Ragg describes With You With Me as being a prime example of the new way that industry and government must approach cyber security.
“When it comes to skills, we must think in broad terms about connecting and integrating across a broad ecosystem to address the skills gap,” she said. “We need to come up with unique ways to attract people into the cyber security workforce.”
She also said cyber security roles are not just technical, but also embrace areas as diverse as policy, legal, diplomatic and assurance.
“The list goes on and on, and there are many applicable areas that we have not thought of yet,” she noted. “We need to think more broadly about what a cyber security professional looks like.”
Ms Ragg also said its vital for government and industry to have an open mind about accepting people into cyber security roles that are not traditionally associated with those jobs.
“We need people who can think innovatively, that have problem solving skills and inquisitive minds,” she said. “We want people who can pull things apart and put them together again and apply those lessons to cyber security problems.”
It’s also critical that organisations advocate for the roles they want to fill and the people they need to do those cyber security jobs, she said.
“We need to let people know we want them in our profession, and that cyber security is an option for them,” she said. “If we haven’t considered them, how are they going to consider us?”
Addressing the skills challenge is a multi-faceted problem, and one that is in its early days of being addressed. Ms Ragg said some things will work, and some won’t, but that government and industry needs to move forward building evidence for what will take us collectively forward.
“’We need to be brave enough to say as a community that we will double down on what has worked, and leave behind what has not worked,” she said. “This is the only way to scale.”
She also said that the investment by government and industry is positive, but it needs to be looked at in broad terms.
“Investment is not just for our own pipelines, but for the common good,” she said. “These are skills that exist for Australia.”
PwC is a valued supporter of InnovationAus.com, and was a strategic partner of the ‘Cyber Security: The Leadership Imperative’ forum that was held in Melbourne on October 26.